Executive Summary
Summary | |
---|---|
Title | Lynx vulnerability |
Informations | |||
---|---|---|---|
Name | USN-206-1 | First vendor Publication | 2005-10-17 |
Vendor | Ubuntu | Last vendor Modification | 2005-10-17 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: lynx The problem can be corrected by upgrading the affected package to version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items. |
Original Source
Url : http://www.ubuntu.com/usn/USN-206-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CAPEC-123 | Buffer Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-131 | Incorrect Calculation of Buffer Size (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9257 | |||
Oval ID: | oval:org.mitre.oval:def:9257 | ||
Title: | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | ||
Description: | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-3120 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200510-15 (Lynx) File : nvt/glsa_200510_15.nasl |
2008-09-04 | Name : FreeBSD Ports: lynx File : nvt/freebsd_lynx.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1085-1 (lynx-ssl) File : nvt/deb_1085_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 874-1 (lynx) File : nvt/deb_874_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 876-1 (lynx-ssl) File : nvt/deb_876_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-310-03 lynx File : nvt/esoft_slk_ssa_2005_310_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
20019 | Lynx NNTP HTrjis() Function Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-310-03.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1085.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-874.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-876.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-803.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c01170bf499011daa1b8000854d03344.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-206-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-206-2.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-993.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-994.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200510-15.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-186.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-803.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:02:53 |
|